At this point, you need the TLS-o-matic certificate in your CA list on the system you are testing from.

FAIL: This test should fail due to a bad host name in the certificate

When accessing a TLS server, the client has some form of address it wants to reach. In this case, it’s “test2.tls-o-matic.com“. This exact address needs to be in the certificate in order for the client to verify that it is indeed accessing the server it was looking for.

Remember that the certificate is a trusted certificate (if you trust our CA). It’s not just valid for this server.

Each protocol has it’s own rules on what to look for when validating a certificate to a request. In SIP, it’s the domain part of the request URI.

Fork us on Github

All the tests, including keys and certificates, are available on Github.
https://github.com/edvinanet/tls-o-matic
That's also where you will find all the current tests while waiting for us to write documentation here.

What is TLS?

"The TLS protocol provides communications security
over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery."
From RFC 5446 that defines the current TLS - version 1.2. Wikipedia is also a good help in explaining TLS.